waiwguwai.exe

The executable waiwguwai.exe has been detected as malware by 27 anti-virus scanners.
MD5: 40eda81564a8b9e5e3aaf9f78f5a1fb9

SHA-1: 06f2fc03c214089959c6cd37cff53d9cd4cca521

SHA-256: 08df3c297f52d9e03618985e1c3c5238e59446e0d12dd46b686d285f7bf5cd33

Scanner detections: 27 / 68

Status: Malware

Analysis date: 4/26/2024 2:17:37 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.3015751 | 368 |
| AhnLab V3 Security | Trojan/Win32.Upbot | 2016.01.30 |
| Avira AntiVirus | TR/Crypt.ZPACK.188058 | 8.3.2.4 |
| Arcabit | Trojan.Generic.D2E0447 | 1.0.0.646 |
| avast! | Win32:Dorder-T [Trj] | 160201-0 |
| AVG | Crypt_r | 2017.0.2846 |
| Bitdefender | Trojan.GenericKD.3015751 | 1.0.20.160 |
| Dr.Web | BackDoor.IRC.NgrBot.42 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Trojan.GenericKD.3015751 | 10.0.0.5366 |
| ESET NOD32 | Win32/Kryptik.EMAN trojan | 7.0.302.0 |
| Fortinet FortiGate | W32/Kryptik.EMAN!tr | 2/1/2016 |
| F-Prot | W32/Agent.XL.gen | v6.4.7.1.166 |
| F-Secure | Trojan.GenericKD.3015751 | 5.15.21 |
| G Data | Trojan.GenericKD.3015751 | 16.2.25 |
| IKARUS anti.virus | Trojan.Win32.Crypt | t3scan.2.0.4.0 |
| Kaspersky | Worm.Win32.Ngrbot | 15.0.0.562 |
| Malwarebytes | Backdoor.Andromeda | v2016.02.01.05 |
| McAfee | Trojan.Artemis!40EDA81564A8 | 18.0.204.0 |
| Microsoft Security Essentials | Worm:Win32/Dorkbot | 1.1.12400.0 |
| MicroWorld eScan | Trojan.GenericKD.3015751 | 17.0.0.96 |
| Norman | Trojan.GenericKD.3015751 | 11.01.2016 17:30:26 |
| Panda Antivirus | Generic Suspicious | 16.02.01.05 |
| Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1077 |
| Rising Antivirus | PE:Trojan.Kryptik!1.A32E [F] | 23.00.65.16130 |
| Sophos | Mal/Wonton-BZ | 4.98 |
| Trend Micro House Call | TROJ_FORUCON.BMC | 7.2.32 |
| Trend Micro | TROJ_FORUCON.BMC | 10.465.01 |

File size: 307.5 KB (314,880 bytes)

File type: Executable application (Win32 EXE)

Common path: C:\users\{user}\appdata\local\temp\waiwguwai.exe

File PE Metadata
Compilation timestamp: 1/28/2016 3:14:21 PM

OS version: 5.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 9.0

CTPH (ssdeep): 6144:NkqGd2f8VzAOgvUzXsdi5Jua19KTEswvN42:NL785wUz8uu29KfwvP

Entry address: 0x73E0

Entry point: E8, 72, B8, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B, 44, 24, 0C, D1, E9, D1, DB, D1, EA, D1, D8, 0B, C9, 75, F4, F7, F3, 8B, F0, F7, 64, 24, 18, 8B, C8, 8B, 44, 24, 14, F7, E6, 03, D1, 72, 0E, 3B, 54, 24, 10, 77, 08, 72, 07, 3B, 44, 24, 0C, 76, 01, 4E, 33, D2, 8B, C6, 5E, 5B, C2, 10, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08...
 

Entropy: 6.7865

Code size: 105 KB (107,520 bytes)
